<?php
class Zenddn_Plugin_Permission extends Zend_Controller_Plugin_Abstract{
    
    public function preDispatch(Zend_Controller_Request_Abstract $request){
        $auth = Zend_Auth::getInstance();
        
        $module = $request->getModuleName();
        
        if($module == 'admin'){
            $flag = null;
            
            if(!$auth->hasIdentity()){
                $flag = 'login';
            }else{
                $info = new Zenddn_System_Info();
                $role = $info->getUserInfo('role');
                
                $controller = $request->getControllerName();
                $action = $request->getActionName();
                
                if(!$role && $controller != 'auth' && $action != 'login' && $action != 'logout'){
                    $flag = 'no-access';
                }else{
                    $aclInfo = $info->getPermission();
                    $acl = new Zenddn_System_Acl($aclInfo);
                    
                    $full_permission = $info->getGroupInfo('full_permission');
                    
                    if(!$full_permission){
                        if(!$acl->isAllowed($request->getParams())){
                            $flag = 'no-access';
                        }
                    }
                }
            }
            
            if($flag != null){
                if($flag == 'login'){
                    $request->setControllerName('auth');
                    $request->setActionName('login');
                }
                
                if($flag == 'no-access'){
                    $request->setControllerName('error');
                    $request->setActionName('no-access');
                }
            }
        }
    }
}